VMS authentication to Windows AD - VMS



Thread: VMS authentication to Windows AD

  1. VMS authentication to Windows AD

    I need to have my users periodically change their passwords, but most of
    them are computer illiterate (they have no idea what a command line is and
    sometimes have a hard time logging into a Windows Domain without help). Is
    there any way to have VMS authenticate to a Windows 2000 AD Domain? I'm
    reasonably sure I can train them to change their passwords when prompted by
    the domain.

    TCPIP SHO VER returns

    Compaq TCP/IP Services for OpenVMS Alpha Version V5.3 - ECO 2
    on a AlphaServer 1200 5/533 4MB running OpenVMS V7.3-1

    Thanks,
    Mike Ober.



  2. Re: VMS authentication to Windows AD

    I just read the Kerberos thread and will monitor it. It appears I'll have
    to wait until VMS 8.2 for one network/one password integration.

    Mike.

    "Michael D. Ober" wrote in message
    news:SARPb.10$1b1.25455@news.uswest.net...
    > I need to have my users periodically change their passwords, but most of
    > them are computer illiterate (they have no idea what a command line is and
    > sometimes have a hard time logging into a Windows Domain without help). Is
    > there any way to have VMS authenticate to a Windows 2000 AD Domain? I'm
    > reasonably sure I can train them to change their passwords when prompted by
    > the domain.
    >
    > TCPIP SHO VER returns
    >
    > Compaq TCP/IP Services for OpenVMS Alpha Version V5.3 - ECO 2
    > on a AlphaServer 1200 5/533 4MB running OpenVMS V7.3-1
    >
    > Thanks,
    > Mike Ober.
    >
    >




  3. Re: VMS authentication to Windows AD

    In article , "Michael D. Ober" writes:
    >I need to have my users periodically change their passwords, but most of
    >them are computer illiterate (they have no idea what a command line is and
    >sometimes have a hard time logging into a Windows Domain without help). Is
    >there any way to have VMS authenticate to a Windows 2000 AD Domain? I'm
    >reasonably sure I can train them to change their passwords when prompted by
    >the domain.


    Check the VMS docs for "external authentication" and/or "ACME".
    This means, with the help (of a part) of the Advanced Server
    VMS users can authenticate with the LanMan-Domain passwords.

    PWRK$ACME_DEFAULT_DOMAIN "lanman-domain"
    PWRK$ACME_MODULE SYS$SHARE:PWRK$ACME_MODULE_arch.EXE
    SYS$ACME_MODULE PWRK$ACME_MODULE
    SYS$SINGLE_SIGNON bitmask (eg. 3 or 80000003)

    Check for /FLAG=EXTAUTH in AUTHORIZE, too

    --
    Peter "EPLAN" LANGSTOEGER
    Network and OpenVMS system specialist
    E-mail peter@langstoeger.at
    A-1030 VIENNA AUSTRIA I'm not a pessimist, I'm a realist

  4. Re: VMS authentication to Windows AD

    External authentication has been possible since VMS V7.2-1 and possibly
    before then. I never tried it because:
    a. I didn't need it, and
    b. I'd hate to trust my security to Microsoft!

    RTFM for the details.

    Michael D. Ober wrote:

    >I need to have my users periodically change their passwords, but most of
    >them are computer illiterate (they have no idea what a command line is and
    >sometimes have a hard time logging into a Windows Domain without help). Is
    >there any way to have VMS authenticate to a Windows 2000 AD Domain? I'm
    >reasonably sure I can train them to change their passwords when prompted by
    >the domain.
    >
    >TCPIP SHO VER returns
    >
    > Compaq TCP/IP Services for OpenVMS Alpha Version V5.3 - ECO 2
    > on a AlphaServer 1200 5/533 4MB running OpenVMS V7.3-1
    >
    >Thanks,
    >Mike Ober.
    >
    >
    >
    >



  5. Re: VMS authentication to Windows AD

    Richard B. Gilbert wrote:
    > External authentication has been possible since VMS V7.2-1 and possibly
    > before then. I never tried it because:
    > a. I didn't need it, and
    > b. I'd hate to trust my security to Microsoft!
    >


    You don't have to.

    Assuming that VMS can support external authentication using
    LDAP, then install a 3rd party LDAP server that has an AD
    gateway, point your VMS boxes at the LDAP server and your
    Windows boxes at the AD server(s) and let the gateway keep
    the passwords etc. in sync.

    Regards
    Andrew Harrison
    > RTFM for the details.
    >
    > Michael D. Ober wrote:
    >
    >> I need to have my users periodically change their passwords, but most of
    >> them are computer illiterate (they have no idea what a command line is and
    >> sometimes have a hard time logging into a Windows Domain without help). Is
    >> there any way to have VMS authenticate to a Windows 2000 AD Domain? I'm
    >> reasonably sure I can train them to change their passwords when prompted by
    >> the domain.
    >>
    >> TCPIP SHO VER returns
    >>
    >> Compaq TCP/IP Services for OpenVMS Alpha Version V5.3 - ECO 2
    >> on a AlphaServer 1200 5/533 4MB running OpenVMS V7.3-1
    >>
    >> Thanks,
    >> Mike Ober.
    >>
    >>
    >>
    >>

    >



  6. Re: VMS authentication to Windows AD

    Hi Mike,

    Yes, you can. You need to install, configure, and run Advanced Server for
    OpenVMS and modify users' OpenVMS accounts (in sysuaf.dat) to include the
    flag EXTAUTH.

    Advanced Server for OpenVMS can participate in your Windows 2000 domain as a
    Member server.

    If the user's Windows domain username doesn't match their OpenVMS username,
    use the command:

    $ ADMIN ADD HOSTMAP

    to associate the two (Advanced Server must be running).

    Once the extauth flag is set, the user is no longer validated against the
    sysuaf username/password, but instead against their Windows domain username
    and password (case sensitive, of course). When they change their domain
    password, the next time they log in to OpenVMS, it triggers a sync of their
    sysuaf account password (just in case the user stops using extauth or they
    have some network (aka client/server) app that accesses sysuaf.dat directly
    to verify a user's credentials).

    Best of all, no license required if you use Advanced Server for extauth
    only. The Advanced Server client access licenses are necessary only if you
    wish to allow your Windows clients to map to file/print shares served by
    Advanced Server for OpenVMS.

    Highly recommend you obtain the latest/greatest release - v7.3A ECO2 -
    available on the ITRC ftp site ftp://ftp.itrc.hp.com/. Look for a saveset
    named

    CPQ-AXPVMS-ADVANCEDSERVER-V0703-A2-1.PCSI-DCX_AXPEXE

    (I can't currently get to the site to confirm ECO2 is now there)...

    HTH,


    Paul

    "Michael D. Ober" wrote in message
    news:SARPb.10$1b1.25455@news.uswest.net...
    > I need to have my users periodically change their passwords, but most of
    > them are computer illiterate (they have no idea what a command line is and
    > sometimes have a hard time logging into a Windows Domain without help). Is
    > there any way to have VMS authenticate to a Windows 2000 AD Domain? I'm
    > reasonably sure I can train them to change their passwords when prompted by
    > the domain.
    >
    > TCPIP SHO VER returns
    >
    > Compaq TCP/IP Services for OpenVMS Alpha Version V5.3 - ECO 2
    > on a AlphaServer 1200 5/533 4MB running OpenVMS V7.3-1
    >
    > Thanks,
    > Mike Ober.
    >
    >
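
An added example, not part of the thread or any poster's code: once the EXTAUTH flag described in the post above is rolled out, a defender will want to know which accounts still authenticate against the local SYSUAF password and so fall outside the domain's password-change policy. The sketch below audits a saved AUTHORIZE full listing; the listing layout ("Username:" and "Flags:" lines), the sample accounts and the LOCAL_OK allow-list are assumptions constructed for illustration.

```python
import re

# Constructed, simplified excerpt in the style of an AUTHORIZE full listing
# (assumed layout: a "Username:" line followed later by a "Flags:" line).
SAMPLE_LISTING = """\
Username: ALICE                            Owner:  A EXAMPLE
Account:  STAFF                            UIC:    [200,1] ([STAFF,ALICE])
Flags:  ExtAuth
Username: BOB                              Owner:  B EXAMPLE
Account:  STAFF                            UIC:    [200,2] ([STAFF,BOB])
Flags:  DisCtlY
Username: OLDAPP                           Owner:  BATCH APP
Account:  APPS                             UIC:    [300,1] ([APPS,OLDAPP])
Flags:  ExtAuth DisUser
Username: SYSTEM                           Owner:  SYSTEM MANAGER
Account:  SYSTEM                           UIC:    [1,4] ([SYSTEM])
Flags:
"""

# Hypothetical allow-list: accounts meant to keep a local SYSUAF password.
LOCAL_OK = {"SYSTEM"}

def parse_flags(listing):
    """Return {username: set of upper-cased flag names} from the listing."""
    accounts, current = {}, None
    for line in listing.splitlines():
        m = re.match(r"Username:\s+(\S+)", line)
        if m:
            current = m.group(1).upper()
            accounts[current] = set()
        elif current and line.startswith("Flags:"):
            accounts[current] = {f.upper() for f in line.split()[1:]}
    return accounts

def audit(listing, local_ok=LOCAL_OK):
    """Bucket accounts by whether the domain password policy reaches them."""
    report = {"external": [], "local_unexpected": [],
              "local_allowed": [], "disabled": []}
    for user, flags in sorted(parse_flags(listing).items()):
        if "DISUSER" in flags:
            report["disabled"].append(user)          # cannot log in at all
        elif "EXTAUTH" in flags:
            report["external"].append(user)          # validated by the domain
        elif user in local_ok:
            report["local_allowed"].append(user)     # deliberate local account
        else:
            report["local_unexpected"].append(user)  # missed by the rollout
    return report

if __name__ == "__main__":
    for bucket, users in audit(SAMPLE_LISTING).items():
        print(f"{bucket:17} {', '.join(users) or '-'}")
```

Accounts reported as local_unexpected still rely on their SYSUAF password and need either the flag set or their own expiry policy.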




  7. Re: VMS authentication to Windows AD

    Hi Michael,
    RADIUS server for OpenVMS can interact with M$ Windows PDC/BDC.

    Have a look at www.radiusvms.com

    Michael D. Ober wrote:

    > I need to have my users periodically change their passwords, but most of
    > them are computer illiterate (they have no idea what a command line is and
    > sometimes have a hard time logging into a Windows Domain without help). Is
    > there any way to have VMS authenticate to a Windows 2000 AD Domain? I'm
    > reasonably sure I can train them to change their passwords when prompted by
    > the domain.
    >
    > TCPIP SHO VER returns
    >
    > Compaq TCP/IP Services for OpenVMS Alpha Version V5.3 - ECO 2
    > on a AlphaServer 1200 5/533 4MB running OpenVMS V7.3-1
    >
    > Thanks,
    > Mike Ober.
    >
    >
    >


    --
    Cheers, Ruslan.
    +---------------------pure personal opinion------------------------+
    RADIUS Server for OpenVMS project - www.starlet.spb.ru/radiusvms/
    TKD (WTF) in Russia, St.-Petersburg - www.TaeKwonDo-WTF.SPb.RU

